[英]Logging into google compute engine with a service account
I have spent the entire day today reading documentations and questions on stackexchange on trying to use service account to logon to a compute engine but have got no where. 我今天整天都在阅读有关stackexchange的文档和问题,以尝试使用服务帐户登录到计算引擎,但是却无处可寻。
I am new to google cloud, so pardon my knowledge. 我是Google Cloud的新手,请原谅我的知识。
We are trying to setup a long running service on a google compute engine. 我们正在尝试在Google计算引擎上设置长期运行的服务。 We want the service to be run as a system account but not on individual account so as to allow troubleshooting privileges across the team but not specific users.
我们希望该服务作为系统帐户而不是在单个帐户上运行,以便允许整个团队(而非特定用户)的故障排除特权。 We thought that service account of GCP should be able to accomplish this but we havent been able to get to logon to a compute engine as a service account.
我们认为GCP的服务帐户应该能够完成此任务,但是我们还无法作为服务帐户登录到计算引擎。 We took the following steps to try this out -
我们采取了以下步骤来进行尝试-
We hoped to be able to logon to the instance as the service account since we switched identity before logging on. 我们希望能够以服务帐户身份登录该实例,因为我们在登录之前切换了身份。 But we are not getting the desired effect.
但是我们没有得到预期的效果。
questions - 问题-
Thanks a lot for solving the confusion in advance, 非常感谢您提前解决了困惑,
The service account allows the Compute Engine instance to access other Google APIs. 该服务帐户允许Compute Engine实例访问其他Google API。 For example, the instance might need to access private content from Storage buckets or connect to a Datastore.
例如,该实例可能需要访问存储存储桶中的私有内容或连接到数据存储。 See https://cloud.google.com/iam/docs/service-accounts
请参阅https://cloud.google.com/iam/docs/service-accounts
In order to give your team members (ssh) access to a compute engine instance, you add them as members to the project by adding their Google accounts. 为了使您的团队成员(ssh)可以访问计算引擎实例,您可以通过添加其Google帐户将其添加为项目的成员。 Specify their level of access so they can only list and ssh in, but not create or delete.
指定他们的访问级别,这样他们只能列出和ssh进入,而不能创建或删除。 I think you want a new role with "Compute OS Login" permission.
我认为您想要具有“计算操作系统登录”权限的新角色。 They don't need billing set up either.
他们也不需要设置帐单。 See https://cloud.google.com/iam/docs/granting-changing-revoking-access
请参阅https://cloud.google.com/iam/docs/granting-changing-revoking-access
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.